Home/ Questions/Q 8080759
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T16:30:41+00:00

function killsession() { // global $_SESSION; $_SESSION = array(); if (session_id() != || isset($_COOKIE[session_name()]))

  • 0
function killsession()
{
  //  global $_SESSION;
    $_SESSION = array();
    if (session_id() != "" || isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 42000, '/');
    }
    session_unset();
    session_destroy();
    header("Location: "index");

}

Any ideas why $_SESSION[‘userid’] still stands after I run this function? I literally stay logged in.

Session name and start() is set at the top of every page.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As found on the PHP session_destroy() manual:

    session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called.

    In order to kill the session altogether, like to log the user out, the session id must also be unset. If a cookie is used to propagate the session id (default behavior), then the session cookie must be deleted. setcookie() may be used for that.

    Example directly from PHP Manual:

    <?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Finally, destroy the session.
session_destroy();
?>

    Applying this example to your function:

    function killsession()
{
  // start the session, if started before, comment
  session_start();

  // Unset all of the session variables. 
  $_SESSION = array();

  // destroy the session, and not just the session data!
  if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
  }

  // destroy the session.
  session_destroy();

  // direct user
  header("Location: index.php");
}

    Consider this two session variables:

    $_SESSION['userid']=25;
$_SESSION['userName']='Super BuBu';

    The output for print_r($_SESSION);, will be:

    Array ( [userid] => 25 [userName] => Super BuBu )

    After calling the killsession() function, the output will be:

    Array ( );

    See this working example. Errors are suppose to appear in this environment due to previous outputs and headers being performed by the print_r and session interactions.

    • 0